The brief

Sector: Civic / legal-tech. Regulatory context: EU Whistleblower Directive (2019/1937), GDPR. Need: design a reporting platform where the operating organisation cannot access submission content, with cryptographic guarantees that data residency stays within the reporter's chosen jurisdiction.

Workstream decomposition

  • WS-1: Threat model. Zero-trust threat model assuming a compromised server operator.
  • WS-2: E2E encryption architecture. Design end-to-end encryption with per-submission key management — the server never holds plaintext.
  • WS-3: Jurisdictional routing. Data-residency enforcement at the infrastructure level, with cryptographic proof of geographic constraint.

Deliverable shape

  • Architecture specification and threat-model document
  • Reference implementation of the encryption layer
  • Research dossier: 22 source rows
  • Compliance mapping for EU Whistleblower Directive

Outcomes

The platform passed an independent security audit with zero critical findings. The client launched across three EU jurisdictions with full compliance certification.